# Configuration documentation:
#   https://embarkstudios.github.io/cargo-deny/index.html

[advisories]
version = 2
yanked = "deny"
ignore = [
    # dependent on datafusion-common moving away from instant
    # https://github.com/apache/datafusion/pull/13355
    "RUSTSEC-2024-0384",
]
git-fetch-with-cli = true

[licenses]
version = 2
unused-allowed-license = "warn"
allow = [
    "Apache-2.0",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "BSD-4-Clause",
    "CC0-1.0",
    "ISC",
    "MIT",
    "Unicode-3.0",
    "Zlib",
]
exceptions = [
    # We should probably NOT bundle CA certs but use the OS ones.
    { name = "webpki-roots", allow = ["MPL-2.0"] },
    { allow = ["OpenSSL"], name = "ring" },
]

[[licenses.clarify]]
name = "ring"
expression = "BSD-4-Clause AND ISC AND MIT AND OpenSSL"
license-files = [
    # https://github.com/briansmith/ring/blob/95948b3977013aed16db92ae32e6b8384496a740/LICENSE
    { path = "LICENSE", hash = 0xbd0eed23 },
]

[sources.allow-org]
github = ["influxdata"]

[bans]
multiple-versions = "allow"
deny = [
    # We are using rustls as the TLS implementation, so we shouldn't be linking
    # in OpenSSL too.
    #
    # If you're hitting this, you might want to take a look at what new
    # dependencies you have introduced and check if there's a way to depend on
    # rustls instead of OpenSSL (tip: check the crate's feature flags).
    { name = "openssl-sys" },
    # We've decided to use the `humantime` crate to parse and generate friendly time formats; use
    # that rather than chrono-english.
    { name = "chrono-english" },
    # Use stdlib ( https://doc.rust-lang.org/stable/std/io/trait.IsTerminal.html )
    { name = "atty" },
]